Humans, a weak link in cybersecurity

Humans, a weak link in cybersecurity | Insurance Business

Humans, a weak link in cybersecurity
A leading local expert in information technology says cybersecurity is now more of a human issue rather than technical.

Kiwi organisations are dealing with an increasing number of cyberattacks let in by their own people, according to Origin IT, but are not doing enough to understand the issue and develop ways to improve their cybersecurity.

Drawing from its own experience dealing with hundreds of clients in New Zealand, Origin IT said that around 50% of the unidentified emails businesses received were opened by employees, with some 30% clicking on a link, an action often enough to allow a cyber breach. 

The Institute of Directors agreed that businesses aren’t doing enough to educate their employees despite the growing risk, with 62% of Kiwi businesses still unprepared for cyberattacks.

These cyberattacks were getting increasingly sophisticated and could outwit technological defences, and fool employees into opening unidentified emails and clicking links, the company said.

Michael Russell, Origin IT CEO, said to achieve the best information security, businesses should think of their employees first and technology second.

“Our relaxed nature in New Zealand means we’re too trusting and we’ve become a soft target to attacks from anywhere in the world − the way we approach information security needs to change,” said Russell.

“It is no longer enough to buy the best technology as people have become the weak point, they will make mistakes and let an attack in, whether intended or not.”

“It also only used to affect large organisations but now every day we hear of SMEs being hit with damaging and costly results.”

“So all organisations need to look at this issue from a people point of view. Information and knowledge is now one of most valuable assets so while the best technology is guarding your front door, your back door is open and your people will let your valuable information out,” Russell said.

Russell’s assertions were supported by 2016 survey findings by PWC, which revealed that employees, current service providers, consultants, and contractors, as more likely sources of security incidents than hackers.

According to the Symantec Internet Software Threat Report 2016, New Zealand experienced 108 ransomware attacks per day last year. The Computer Emergency Response Team, on the other hand, reported that New Zealand suffered $257 million in losses due to cyber breaches in 2015. 

Said Russell: “We want all organisations to be more aware of the issue and how cyber threats operate – if we know this, we can all play a part.”

Related stories:
Cyber insurance needs to keep up with evolving threat landscape
Underwriting agency aims to plug broker knowledge gap on cyber